Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crypto vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39322
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
Golang Go
NA
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated malicious users to register as an Admin account via a crafted POST request.
Trendylogics Crypto Currency Tracker
NA
CVE-2023-20269
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to conduct a brute force attack in an attempt to identify valid username an...
Cisco Adaptive Security Appliance Software 9.16.1
Cisco Adaptive Security Appliance Software 7.0.3
Cisco Adaptive Security Appliance Software 7.0.4
Cisco Adaptive Security Appliance Software 7.0.1
Cisco Adaptive Security Appliance Software 7.0.2
Cisco Adaptive Security Appliance Software 7.0.6
Cisco Adaptive Security Appliance Software 7.0.5
Cisco Adaptive Security Appliance Software 7.2.3
Cisco Adaptive Security Appliance Software 7.2.2
Cisco Adaptive Security Appliance Software 7.2.4
Cisco Adaptive Security Appliance Software 7.2.5
Cisco Adaptive Security Appliance Software 7.2.1
Cisco Adaptive Security Appliance Software 9.8.2
Cisco Adaptive Security Appliance Software 9.8.3.18
Cisco Adaptive Security Appliance Software 9.8.3.26
Cisco Adaptive Security Appliance Software 9.12.2
Cisco Adaptive Security Appliance Software 9.8.2.24
Cisco Adaptive Security Appliance Software 9.8.3.16
Cisco Adaptive Security Appliance Software 9.8.4.29
Cisco Adaptive Security Appliance Software 9.12.2.5
Cisco Adaptive Security Appliance Software 9.12.4.4
Cisco Adaptive Security Appliance Software 9.8.2.20
1 Github repository
4 Articles
NA
CVE-2023-33850
IBM GSKit-Crypto could allow a remote malicious user to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to o...
Ibm Txseries For Multiplatform 8.1
Ibm Txseries For Multiplatform 9.1
Ibm Txseries For Multiplatform 8.2
Ibm Cics Tx 11.1
Ibm Cics Tx 10.1
NA
CVE-2022-48570
Crypto++ up to and including 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-1431...
Cryptopp Crypto\\+\\+
NA
CVE-2023-33241
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an malicious user to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack mig...
Gg20 Project Gg20 -
Gg18 Project Gg18 -
2 Github repositories
NA
CVE-2023-33242
Crypto wallets implementing the Lindell17 TSS protocol might allow an malicious user to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding...
Lindell17 Project Lindell17 -
2 Github repositories
NA
CVE-2023-39533
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerabi...
Libp2p Go-libp2p
Libp2p Go-libp2p 0.29.0
NA
CVE-2023-3180
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the...
Qemu Qemu
Qemu Qemu 8.1.0
Fedoraproject Fedora 38
Debian Debian Linux 10.0
NA
CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are c...
Golang Go 1.21.0
Golang Go
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »